On Wed, Nov 21, 2012 at 3:47 PM, Scott Nelson wa6...@gmail.com wrote:
On Nov 21, 2012, at 2:23 PM, dan (ddp) wrote:
Hmm. Okay, please have patience with me, so if I then forget about hybrid
mode, then how do I forward logs safely and securely over the internet to
my central ossec server?
On Tue, Nov 20, 2012 at 5:38 PM, Scott wa6...@gmail.com wrote:
I should mention this is OSSEC 2.7
On Tuesday, November 20, 2012 4:35:31 PM UTC-6, Scott wrote:
Hi everyone,
Sorry to be on the list so much, but I've hit another block in my
understanding of ossec.
What am I doing wrong
On Thu, Nov 22, 2012 at 11:30 AM, Nick Davies n...@badhedgehog.co.uk wrote:
AND...
I've downloaded and installed 2.7 but am getting the same results. Looking
at read_win_el.c (line 57 this time) it looks to still be using OpenEventLog
rather than EvtOpenLog.
Is my diagnosis of the problem
On Tue, Nov 20, 2012 at 9:28 PM, peng lin linpeng0...@gmail.com wrote:
Hi, I upgraded to OSSEC 2.7 final. With both 2.7 final and 2.7 beta2, I used MySQL
to store messages. Everything seems OK, MySQL has data, but
sometimes I saw this error:
2012/11/21 10:03:38 ossec-dbd(5203): ERROR: Error
On Tue, Nov 20, 2012 at 11:04 AM, Scott Nelson wa6...@gmail.com wrote:
On Nov 20, 2012, at 9:27 AM, dan (ddpbsd) wrote:
Ok, this has totally confused me. Maybe you should provide your
configurations. I don't know whether you're using syslog or the OSSEC secure
method of transport.
Sorry
On Tue, Nov 20, 2012 at 11:08 AM, Francisco Jelves
francisco.jel...@gmail.com wrote:
After running OSSEC server upgrade 2.6 to 2.7 final release, the
/var/ossec/logs/alerts/alerts.log is zero bytes.
The following command displays all disconnected agents: if Never connected.
. /
I'm contemplating it but my C is rusty to say the least, I haven't needed
to use it for over a decade. I'll have a hack and see what turns up.
Regards,
Nick
On 23 November 2012 13:15, dan (ddp) ddp...@gmail.com wrote:
On Thu, Nov 22, 2012 at 11:30 AM, Nick Davies n...@badhedgehog.co.uk
Is there any documentation/guidance on how the -f flag can be used to
generate bulk keys? I've attempted to format the input file as a csv with
id, name, and ip without luck.
On Fri, Nov 23, 2012 at 11:47 AM, Johnny js69...@gmail.com wrote:
Is there any documentation/guidance on how the -f flag can be used to
generate bulk keys? I've attempted to format the input file as a csv with
id, name, and ip without luck.
I've been unable to find the original submission for
On Fri, Nov 23, 2012 at 12:03 PM, dan (ddp) ddp...@gmail.com wrote:
On Fri, Nov 23, 2012 at 11:47 AM, Johnny js69...@gmail.com wrote:
Is there any documentation/guidance on how the -f flag can be used to
generate bulk keys? I've attempted to format the input file as a csv with
id, name, and ip
I apologize beforehand if I double posted; I sent an email to ossec-list
48 hours ago but didn't see any activity or it being posted here on the
google group so I deduced something went wrong.
I am attempting to use the process monitor + check_diff option to validate
if 3 processes are
On Fri, Nov 23, 2012 at 1:58 PM, JPZ jp.zurbr...@gmail.com wrote:
I apologize beforehand if I double posted; I sent an email to ossec-list 48
hours ago but didn't see any activity or it being posted here on the google
group so I deduced something went wrong.
I am attempting to use the
Hi,
I have been working on configuring OSSEC to monitor some Ubuntu virtual
boxes hosting web servers. The manager server is a smallish vbox originally
created to host Nagios and MRTG.
Today as I was trying to edit the ossec.conf, I got a 'swap write error'.
OSSEC had filled the smallish
On Fri, Nov 23, 2012 at 2:37 PM, Sue susan.hes...@gmail.com wrote:
Hi,
I have been working on configuring OSSEC to monitor some Ubuntu virtual
boxes hosting web servers. The manager server is a smallish vbox originally
created to host Nagios and MRTG.
Today as I was trying to edit the
Aah, there we go! Thanks a million for quick replies Dan.
For whoever stumbles on my case facing the same problem, here is the
fixed configuration:
<localfile>
  <log_format>full_command</log_format>
  <command>ps -eo cmd |grep arpwatch</command>
  <alias>ARPWATCH-check</alias>
</localfile>
Remember that in match, the pipe symbol | has special meaning: or
On Nov 23, 2012 1:51 PM, JPZ jp.zurbr...@gmail.com wrote:
Aah, there we go! Thanks a million for quick replies Dan.
For whoever stumbles on my case facing the same problem, here is the
fixed configuration:
<localfile>
The ignores are just the defaults; I am under the impression that an ignore
doesn't stop the check, but only the reporting of the check. So I am
guessing that wouldn't keep the files from being copied...
<syscheck>
<!-- Frequency that syscheck is executed - default to every 22 hours -->